TLDR: VPN-newbie wants to learn how to set up and use VPN.
What I have:
Currently, many of my self-hosted services are publicly available via my domain name. I am aware that it is safer to keep things closed, and use VPN to access – but I don’t know how that works.
- domain name mapped via Cloudflare > static WAN IP > ISP modem > Ubiquiti USG3 gateway > Linux server and Raspberry Pi.
- 80, 443 forwarded to Nginx Proxy Manager; everything else closed.
- Linux server running Docker and several containers: NPM, Portainer, Paperless, Gitea, Mattermost, Immich, etc.
- Raspberry Pi running Pi-hole as DNS server for LAN clients.
- Synology NAS as network storage.
What I want:
- access services from WAN via Android phone.
- access services from WAN via laptop.
- maybe still keep some things public?
- noob-friendly solution: needs to be easy to “grok” and easy to maintain when services change.
I chose WireGuard implemented by PiVPN (I like Pis).
WireGuard app on phone, and a quick duckduck will find you a script or app for your laptop. Connected to your home in seconds.
PiVPN is elegant. Easy install, and I am impressed with the ASCII QR code it generates.
But I could not make it work. I am guessing that my Android setup is faulty, orrrr maybe something with the Pi? This is incredibly difficult to troubleshoot.
What didn’t work?
As a side note, I had to port forward in my router to make this work.
Obviously :) and make sure to forward to the correct LAN IP address, and make sure that machine has a static IP (or DHCP reservation).
Here is a script to easily install WireGuard and generate client config files for any server: https://github.com/Nyr/wireguard-install